Abstract

The federal government, all fifty states, and dozens of foreign countries have enacted computer crime statutes that prohibit "unauthorized access" to computers. No one knows what it means to "access" a computer, however, or when access becomes "unauthorized." The few courts that have construed these terms have offered widely varying interpretations. Several recent decisions suggest that any breach of contract renders an access unauthorized, broadly criminalizing contract law on the Internet.

In this Article, Professor Orin Kerr explains the origins of unauthorized access statutes, and examines why the early beliefs that such statutes articulated a clear standard have proven remarkably naive. He then shows how and why the courts have construed these statutes in an overly broad manner that threatens to criminalize a surprising range of innocuous conduct involving computers. Finally, Professor Kerr offers a normative proposal for interpreting "access" and "authorization." Courts should reject a contract-based theory of authorization, and should limit the scope of unauthorized access statutes to circumvention of code-based restrictions on computer privileges. This proposed interpretation best mediates between securing privacy and protecting the liberty interests of Internet users. It also mirrors criminal law's traditional treatment of consent defenses, and avoids possible constitutional difficulties that may arise under the broader constructions that courts have recently favored.